Splunk Enterprise Security

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

atulod1
New Member

Hi

I would like to ask for help regarding how to match the first dropdown list to the 2nd dropdown list. Here the below is my XML coding.

Payment Requirements -Customed Dashboard

<input type="dropdown" token="tokServer" searchWhenChanged="True">
  <label>Organization Environment</label>
  <fieldForLabel>ServerEnvironment</fieldForLabel>
  <fieldForValue>ServerEnvironment</fieldForValue>
  <search>
    <query>
    | inputlookup server_mapping_list.csv | field ServerEnviroment | dedup ServerEnviroment 

    </query>
     <earliest>-24@h</earliest>
     <latest>now</latest>
     </search>
     <choice value="ServerEnv1"> ServerEnv1</choice>
     <choice value="ServerEnv2"> ServerEnv2</choice>
     <choice value="ServerEnv3"> ServerEnv3</choice>
     <choice value=" ServerEnv4"> ServerEnv4</choice>
     <choice value="ServerEnv5"> ServerEnv5</choice>
      </input>
<input type="dropdown" token="tokPCI" searchWhenChanged="True">
  <label>PCI Requirements</label>
  <fieldForLabel>PCIReq10</fieldForLabel>
  <fieldForValue>PCIReq10</fieldForValue>
  <search>
    <query>
     | inputlookup server_mapping_list.csv | sort  ServerEnviroment ="$tokServer$"
     | makemv delim="," PCIReq10| mvexpand PCIReq10 | table PCIReq10 
      </query>
      <earliest>-24@h</earliest>
    <latest>now</latest>
  </search>
</input>

Here is inputlookup that I created (server_mapping_list.csv)

PCIReq10                    ServerEnvironment
10.2.2                          ServerEnv2, ServerEnv5
10.2.2(SQ01)        ServerEnv3
10.2.2(SQ03)        ServerEnv3
10.2.3          ServerEnv1, ServerEnv4, ServerEnv5
10.2.4          ServerEnv1, ServerEnv3, ServerEnv4, ServerEnv5
10.2.5a         ServerEnv1, ServerEnv4, ServerEnv5
10.2.5b         ServerEnv5
10.2.5c         ServerEnv5

Here is the exact output will come up.
If I choose

ServerEnv1 on the first dropdown list   then 2nd dropdown list, the default will be is 10.2.3, 10.2.4 and 10.2.5a
ServerEnv2 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2
ServerEnv3 on the first dropdown list then 2nd dropdown list, the default will be 10.2.2(SQ01), 10.2.2(SQ03)
ServerEnv4 on the first dropdown list then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, and 10.2.5a
ServerEnv5 on the first dropdown list, then on the 2nd dropdown list, the default will be 10.2.2, 10.2.3, 10.2.4, 10.2.5a, 10.2.5b, 10.2.5c

Hoping you can correct my code. Thanks in advance

0 Karma
Get Updates on the Splunk Community!

Set Up More Secure Configurations in Splunk Enterprise With Config Assist

This blog post is part 3 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...